Who controls the off switch?

We have a new paper on the strategic vulnerability created by the plan to replace Britain’s 47 million meters with smart meters that can be turned off remotely. The energy companies are demanding this facility so that customers who don’t pay their bills can be switched to prepayment tariffs without the hassle of getting court orders against them. If the Government buys this argument – and I’m not convinced it should – then the off switch had better be closely guarded. You don’t want the nation’s enemies to be able to turn off the lights remotely, and eliminating that risk could just conceivably be a little bit more complicated than you might at first think. (This paper follows on from our earlier paper On the security economics of electricity metering at WEIS 2010.)

Post navigation

15 thoughts on “Who controls the off switch?”

Great article and a great pair of papers. Once again it seems that the large commercial entities are going to get their way in implementing something that makes both our privacy and way of life more vulnerable to the whims of a small number of CEO’s.

I also wonder if the focus is really on solving the right problem. After all, could the money required for new meters not be better spent on researching cleaner and cheaper energy generation? Would having cheaper and cleaner energy mean that the measurement of consumption is less of a commercial driver?

@Carl: Just trying to put forward the perspective of the network operators on this. So one of the reasons cited by the distribution network operators supporting the smart metering program is that, as of today, while they know a lot about the transmission network and upto the level of primary distribution, they do not have as much information at the secondary distribution level and lower down the chain. The situation will become still more complex with new renewable sources of energy with every house becoming a generator (at least that is the vision of the future). The idea is that smart meters might come to the rescue there, since the DNOs would be able to get the information from each house (each generator if you might say) and this would help in managing the overall dependability of the grid. The question is, do we really need to have smart meters in every house to do this or can we do it by simply having better measurement capabilities at the secondary distribution substation level.

A smart attack that took out just a few million meters could trigger a near total grid failure. As we saw in the northeast of the USA and Canada in 2003 (50 million left without power because a tree fell across pylon line), the grid system is very vulnerable.

The picture of a large-scale attack on the power-grid is of course horrifying, but don’t forget what opportunities controlling the power switch opens to more common kinds of crime: extortion and revenge become like playing a video game. Other nice tactic: look for a shop that stays open although you shut down their power. At the end of the day they will have lot more cash than normal and if you steal the book they have written the sales in too, nobody will know how much you stole.

And if you want to do a big time crime, like a big robbery: start by crippling the police and private security firms by turning of their mains and reverting them to emergency power. Then start shutting down power to buildings with elevators throughout the town, so all the forces are on the street, on the wrong place. Next do some shops and banks so the security people have to watch those objects (if that isn’t enough, keep switching the power on and of until their utility-power systems / alarm systems break). And now with everybody running around, wandering what is going on, do what you want to do…

Although I agree that your argument is valid from a freedom perspective, what is not clear is that already there is more than enough opportunity to disable the electric grid; what these meters will do is make it childs play.

there are benefits and weaknesses in making a grid/metering smart. a smarter grid will be able to solve issues in a way but can be exploited equally.

As for the rather fancyful idea of upping a stores cash level if they lost power they shut for a day. they would loose more money as the vast majority of their transactions are now cash based. we had a substation fire in Nottingham city centre a while back which closed the town centre effectively, more money wasnt taken.

above all this though is if you want to do that, why wait? simply cut through the power line with a JCB or similar physical attack.

The only difference smart metering/grids allow is you can do it with less risk. Health and Safety at work there for criminals!

Better be an organisation independant of the electricity companies, so that when – let’s say you have a contract with a company like British Gas and are up to date with your payments – another company like Southern Electric would not cut your power supply because you did not pay (while denying everything for more than one year).
At least an independant organisation would answer the request by “of course they did not pay you, they are not one of your costumer”.
First hand experience…

The answer to this question, I fear is hackers! If this does get rolled out, and some government admin bod says in a press conference, “Of course it’s going to be secure!” every hacker is going to take up the challenge. Some bright spark discovers that you can do it via e-billing quite easily, then poof! Everyone in London W12 is sat in the dark! I get the feeling I’m preaching to the converted though….

I suspect the power companies will get their way on this – politicians have a history of folding to lobbying pressure.
Whichever way it goes it does highlight how technology is the new battleground between individuals and corporations… if we lose the electric battle today I fear we’ll be more likely to lose the net battle tomorrow.

What these smart meters are about are stratifying the market so the public generally get a worse deal. Like phones, the market will be sliced and diced and most people will just sigh and pay what they thinks “sounds cheap”.

I guess we are lucky there aren’t whole industries that exist to manipulate public perception, and they don’t also do things outside their market. Like web search, or something.

There is probably also scope for lock-in with these meters, plus they want to provide shiny but poor data services. A mate has a smart meter and an “app” on his phone, the program shows lots of numbers and stuff but really the data is not that great. You can’t, for instance, get the program to show your usage but if you were paying at another company’s rates. You can’t export data to be able to make that calculation yourself.

Industry pretends to supply comparable data with some figure that is calculated based on average usage, there’s some they seem to have started bandying about that supposedly takes into account the daily charge, which for some people can be more than the kWh costs. Or course, no one person is normal and so assuming that will describe you is likely faulty, and will almost definitely lead to the person making a bad choice about who can provide them the best value energy.